Community discussions

MUM Europe 2020

Search found 272 matches

by bjohns
Tue Nov 14, 2017 12:56 am
Forum: RouterBOARD hardware
Topic: Mikrotik VDSL / DSL Modem?
Replies: 314
Views: 94951

Re: Mikrotik VDSL / DSL Modem?

Tested the Proscend PS180-C-R VDSL2 SFP pair.

CRS317-1G-16S+ <-eth-> CSS106-1G-4P-1S <-vdsl2-> CRS317-1G-16S+

161mbit/sec UDP, 148mbit/sec TCP both directions between the CRS's over a 3m cat5 lead.

Later I'll find a long copper pair on campus to see what speed/distance can be obtained.
by bjohns
Fri Jun 17, 2016 10:43 am
Forum: General
Topic: Feature Request: Application Level Firewall
Replies: 12
Views: 5404

Re: Feature Request: Application Level Firewall

Enterprise Next Generation Firewalls (NGFW) can't do a lot about encryption either - even 'man-in-the-middle' decryption is now problematic with modern browsers and clients. They're resorting to extra-firewall intelligence - cloud based threat analysis and mitigation, DNS monitoring, traffic pattern...
by bjohns
Mon Nov 21, 2011 4:27 am
Forum: Virtualization
Topic: VMWare vCloud
Replies: 2
Views: 2114

VMWare vCloud

Hi Guys, We have a vCloud environment being used as an IT infrastructure Lab. The networking aspect of it all is extremely basic - they use a 'vShield' vAppliance as a two port NAT device to divide up virtual networks within the cloud. I would like to try out using ROS but thought to ask if anyone e...
by bjohns
Mon Nov 21, 2011 4:03 am
Forum: The Dude
Topic: Cisco WiSM/440x Wireless LAN Controller - No. Clients per AP
Replies: 3
Views: 2625

Re: Cisco WiSM/440x Wireless LAN Controller - No. Clients pe

Cheers, I think I know what you mean, but to confirm: The first table is bsnAPIpAddress (1.3.6.1.4.1.14179.2.2.1.1.19) and an example entry is: 1.3.6.1.4.1.14179.2.2.1.1.19.0.25.169.166.246.32 = 192.168.1.101 The second table is bsnAPIfLoadNumOfClients (1.3.6.1.4.1.14179.2.2.13.1.4): 1.3.6.1.4.1.141...
by bjohns
Fri Nov 18, 2011 9:05 am
Forum: The Dude
Topic: Cisco WiSM/440x Wireless LAN Controller - No. Clients per AP
Replies: 3
Views: 2625

Cisco WiSM/440x Wireless LAN Controller - No. Clients per AP

Hi folks, Seeing if I can map out the number of clients attached to a LWAP that is controlled via a WiSM. The table containing the list of APs and the number of clients each is: 1.3.6.1.4.1.14179.2.2.13.1.4 This will display a list of the following types of entries: 0.34.85.242.67.80.0 = 9 Where 0.3...
by bjohns
Thu Oct 07, 2010 12:59 pm
Forum: General
Topic: MUM in Australia. Would you come?
Replies: 115
Views: 23450

Re: MUM in Australia. Would you come?

Yep. Brisbane would be nice.
by bjohns
Sat Sep 05, 2009 2:59 am
Forum: RouterBOARD hardware
Topic: Can somebody explain this? - 433AH nework port failure
Replies: 12
Views: 2054

Re: Can somebody explain this? - 433AH nework port failure

Yeah, tried a bunch of wifi cards, every time I enabled the wireless it'd kernel panic and lose the wifi interfaces. Fiddling around would get them back again and then it'd panic again etc.

So now I'm using a little RB133C instead.
by bjohns
Fri Sep 04, 2009 1:39 am
Forum: RouterBOARD hardware
Topic: Can somebody explain this? - 433AH nework port failure
Replies: 12
Views: 2054

Re: Can somebody explain this? - 433AH nework port failure

Should have read the boards before buying a RB433 with this same issue :|
by bjohns
Sat Jul 12, 2008 2:43 pm
Forum: Wireless Networking
Topic: Next gen wireless card poll
Replies: 57
Views: 25815

Re: Next gen wireless card poll

+1 for MMCX.
by bjohns
Wed Apr 30, 2008 3:08 am
Forum: General
Topic: L7-Filter - regex for FLV/SWF content?
Replies: 4
Views: 3319

Re: L7-Filter - regex for FLV/SWF content?

I'll refine it a bit more and drop it onto the wiki with a summarised howto, hopefully along with a few other matches that I'll need.

The howto on the L7-Filter site is a bit obscure so hopefully I can make it easier to understand.
by bjohns
Tue Apr 29, 2008 9:30 am
Forum: General
Topic: L7-Filter - regex for FLV/SWF content?
Replies: 4
Views: 3319

Re: L7-Filter - regex for FLV/SWF content?

Figured it out, it's quite simply:
get /get_video[\x09-\x0d -~]* http/[01]\.[019]
by bjohns
Sat Apr 26, 2008 3:45 pm
Forum: General
Topic: L7-Filter - regex for FLV/SWF content?
Replies: 4
Views: 3319

L7-Filter - regex for FLV/SWF content?

Long time since I posted - this place is busy these days. I've put my bofh hat on and would like a way of surgically restricting content such as Flash videos and other bandwidth/productivity sinks. Since I'm coming from a pre-3.0 era I'm not up with the new L7 filtering and it's associated regexes a...
by bjohns
Sat Aug 25, 2007 6:03 am
Forum: Scripting
Topic: Perl script to gather Web Accounting data for reporting
Replies: 0
Views: 1703

Perl script to gather Web Accounting data for reporting

Hi guys, There's probably a few of you that have done similar things, but I thought I'd post my code here anyway for comparison/reference purposes (and to give the better programmers here a laugh). The first script grabs the data produced by http://<routeros ip>/accounting/ip.cgi and dumps it into a...
by bjohns
Sun Jul 22, 2007 12:25 pm
Forum: Wireless Networking
Topic: Spectralink
Replies: 0
Views: 595

Spectralink

Has anyone set up RouterOS to play nice with Spectralink based wireless voice services? I have access to a Alcatel OmniPCX 4400 , Alcatel SVP (Spectralink clone) and Alcatel Mobile IP Touch 300 sets. Currently using a Symbol/Motorola WS5000 Wireless Switch with AP300 RF Ports for wireless coverage. ...
by bjohns
Sun Jul 22, 2007 11:56 am
Forum: General
Topic: Mum Australia (I wish) :-)
Replies: 8
Views: 1282

Re: Mum Australia (I wish) :-)

As usual, I'm in.
by bjohns
Tue Jul 10, 2007 2:52 am
Forum: General
Topic: Linux kernel 2.6.22 - New wireless stack
Replies: 0
Views: 1045

Linux kernel 2.6.22 - New wireless stack

http://kernelnewbies.org/Linux_2_6_22#h ... e8d84847cc

Looks interesting - will this assist MT in any way?
by bjohns
Sat Jul 07, 2007 9:06 am
Forum: General
Topic: USB Ethernet adapters with Mikrotik???
Replies: 22
Views: 3628

Re: USB Ethernet adapters with Mikrotik???

D-Link 580 adapters are crap, they have been mentioned a number of times on these forums. If you get one, enjoy your reboots. I've yet to come across a VLAN switch that didn't support VLANs correctly. All in all the standard has been around long enough and most manufacturers have it down. I've used ...
by bjohns
Tue Jun 26, 2007 8:58 am
Forum: General
Topic: Help with OSPF "how to" guide.
Replies: 3
Views: 956

Re: Help with OSPF "how to" guide.

'invalid' is probably a harsh term for them. 'redundant' is probably more appropriate. Treat OSPF as another router 'instance' on the hardware. Meaning that you have your standard router with its connected/static routes, and then another OSPF router sitting on top of it. Since there are already conn...
by bjohns
Mon Jun 25, 2007 3:04 pm
Forum: General
Topic: VLAN Routing Refresher
Replies: 2
Views: 849

Re: VLAN Routing Refresher

I thought as much. I guess that's the main reason for Layer 3 switches; with the router's "interface" sitting on the backplane. Thanks.
by bjohns
Mon Jun 25, 2007 8:59 am
Forum: General
Topic: VLAN Routing Refresher
Replies: 2
Views: 849

VLAN Routing Refresher

Hi guys, Silly question, when routing between VLANs, does ALL traffic go through the router, or does it simply swap tags and let the switch do the rest? So for example I have a bunch of VLANs on a switch, a MT on a stick routing between them. A host on vlan20 wants to establish a connection to a hos...
by bjohns
Sun Jun 10, 2007 7:19 am
Forum: Beginner Basics
Topic: Quick winbox vs CLI hotspot setup question
Replies: 2
Views: 3080

Re: Quick winbox vs CLI hotspot setup question

I'm pretty sure the Winbox hotspot setup wizard does all these things, it's fairly much the same as the cli.
by bjohns
Tue Apr 24, 2007 12:29 pm
Forum: General
Topic: Can't send/recv AOL e-mails
Replies: 3
Views: 1039

AOL have some strict mail relaying rules. Make sure you have a reverse/PTR record set on your mail servers IP and setup a SPF record if you haven't already.
by bjohns
Fri Apr 20, 2007 12:18 am
Forum: General
Topic: Cisco <-> IPIP+IPSec <-> MT
Replies: 3
Views: 2402

Thanks for that.

It's useful having a tunnel for dynamic routing purposes, plus it makes QoS etc easier.
by bjohns
Wed Apr 18, 2007 11:13 pm
Forum: General
Topic: Cisco <-> IPIP+IPSec <-> MT
Replies: 3
Views: 2402

Cisco <-> IPIP+IPSec <-> MT

Currently I have a pair of Cisco 857's running with a IPSec 'tunnel' between. I would like to replace one of the Cisco's with a MT router. What would the RouterOS config to match the following Cisco config be? crypto isakmp policy 10 authentication pre-share crypto isakmp key ######### address 1.1.1...
by bjohns
Wed Apr 04, 2007 12:33 pm
Forum: General
Topic: ScrubIT Porn Blocking DNS
Replies: 7
Views: 3352

http://www.opendns.com has adult content blocking on its agenda. No exact ETA at this stage however they mentioned mid this year.

I use them for URL spelling correction, searching and phishing site filtering.
by bjohns
Mon Apr 02, 2007 12:39 am
Forum: Wireless Networking
Topic: "EDIT" Hotspot + coincheker. I ll pay for help or
Replies: 11
Views: 2204

Maybe using a coinchecker with a serial interface - RouterOS can do some things directly with the serial port.
by bjohns
Sun Apr 01, 2007 6:59 am
Forum: General
Topic: List of Beta bugs / Features?
Replies: 2
Views: 1369

Maybe a publicly accessible bug tracker might be the go. Could be 'read-only' or maybe it can allow someone to submit a bug along with a supout file etc.

At least it'll provide a list of currently known bugs.
by bjohns
Sun Apr 01, 2007 6:55 am
Forum: Wireless Networking
Topic: Activation email for user manager = JOKE???
Replies: 20
Views: 3633

"because account is made and activated at the time of payment"

I take that to mean that they pay, account is enabled, they are logged in automatically. Thus they will now have access to their e-mail to obtain a username/password for subsequent sessions...
by bjohns
Sun Apr 01, 2007 6:49 am
Forum: Wireless Networking
Topic: Cusomer Accounts and Billing/Payment Solution
Replies: 47
Views: 14556

What's the experience been like with Wireless Orbit to date? I'm wondering what the radius reply times are like - ie if they're fairly average in the US then use from Europe/Australia and other parts might be limited due to timeouts. It's a good concept and I would like to have them as an option for...
by bjohns
Thu Mar 29, 2007 12:56 am
Forum: General
Topic: Fidelio & Mikrotik
Replies: 17
Views: 7054

Fidelio has an API, the reference for it costs a fair bit. It would have to be the more popular PMS around, however as mentioned, there's a lot of them and each with it's own way of doing things. You're probably better off developing a 'black box' of sorts that sits between the MT and various PMS sy...
by bjohns
Wed Mar 28, 2007 1:58 am
Forum: General
Topic: Bridging VLANs?
Replies: 7
Views: 1611

Simply search for Intra-VLAN Bridging

http://www.cisco.com/en/US/tech/tk389/t ... 7af6.shtml

It's not 'impossible' its just you should carefully think about it before doing so , consider all of your options.
by bjohns
Wed Mar 28, 2007 12:44 am
Forum: General
Topic: hotspots and accounting
Replies: 1
Views: 768

Look at the 'Traffic Flow' feature - it supports NetFlow export etc.
by bjohns
Tue Mar 27, 2007 7:55 am
Forum: Wireless Networking
Topic: Will this work on Microtik Hotspot
Replies: 5
Views: 1318

iPass/bongo usually do it based upon a prefix/realm. No reason you can't do the same thing - when they select their ISP append a realm or something onto their username and base pricing etc upon it. The other way is to run multiple Virtual APs, and map them through to each ISP that wishes to particip...
by bjohns
Fri Mar 23, 2007 7:38 am
Forum: General
Topic: Vote for new RouterOS features!
Replies: 48
Views: 12423

Are there any miniPCI based GPS devices?

Commell make one although there aren't any specifications detailing accuracy/speed.
by bjohns
Sun Mar 18, 2007 11:45 pm
Forum: General
Topic: Bridging VLANs?
Replies: 7
Views: 1611

It will work as I have done similar things. Although the general consensus around here is that bridging vlans should be avoided if at all possible.
by bjohns
Sun Mar 18, 2007 3:36 am
Forum: General
Topic: 2.9.40 hotspot user profile rate-limit
Replies: 3
Views: 1846

I found out something important - limits in user profile apply only at the time of the user login. First login will create dynamic queue and it will stay there until the user will expire. Any user profile limit change during that time will not affect this dynamic queue. Correct. If using RADIUS you...
by bjohns
Sun Mar 18, 2007 12:07 am
Forum: General
Topic: FreeRADIUS 1.1.4 + Mikrotik Dictionary broken?
Replies: 7
Views: 1795

I believe that version of FreeRADIUS has a MikroTik dictionary built in as such, no need to add an external one. :) It's had a very basic mikrotik dictionary since 1.0 I think. I had to still load the Mikrotik supplied one into 1.1.4 because many attribs didn't exist or had changed (many now have t...
by bjohns
Sat Mar 17, 2007 1:51 pm
Forum: General
Topic: Why are folks asking for MPLS support?
Replies: 9
Views: 2026

I don't know what you're getting at. But if I was a network provider (meaning that I have a bunch of routing/switching/wireless gear interconnected together) and I wanted to share that with other entities, I would much rather just use MPLS and not worry about all the IP etc - they use whatever they ...
by bjohns
Sat Mar 17, 2007 9:24 am
Forum: Wireless Networking
Topic: [ASK] building HotSpot network
Replies: 4
Views: 1110

http://wiki.mikrotik.com/wiki/How_to_ma ... ot_gateway

I'm guessing you have read the above howto in the wiki?

One hotspot per interface, so just use two to do what you want.
by bjohns
Sat Mar 17, 2007 9:14 am
Forum: General
Topic: Why are folks asking for MPLS support?
Replies: 9
Views: 2026

There's a lot MPLS offers, the first thing that springs to mind is enabling multiple ISPs to share the same infrastructure, such as Hotspots. As for size, I think quite a few people here have sizable networks. I feel small with 50 hotspots and 25 APs/clients located throughout the east coast of Aust...
by bjohns
Thu Mar 15, 2007 2:55 am
Forum: General
Topic: FreeRADIUS 1.1.4 + Mikrotik Dictionary broken?
Replies: 7
Views: 1795

FreeRADIUS 1.1.4 + Mikrotik Dictionary broken?

Update to 1.1.4: * VALUEs can only be defined for 'integer', to catch mistakes with setting VALUEs for type 'string'. Because of this I had to remark out all the Cisco Values such as: VALUE H323-Disconnect-Cause Local-Clear 0 For freeradius to accept the dictionary. Don't ask me why, it just error'd...
by bjohns
Thu Mar 15, 2007 12:46 am
Forum: General
Topic: Dynamic queues for Hotspot
Replies: 5
Views: 1319

With freeradius you can set this using radgroupreply - I don't know about user-manager, but it should be possible or easily implemented.
by bjohns
Wed Mar 14, 2007 4:37 am
Forum: General
Topic: Bridging VLANs?
Replies: 7
Views: 1611

From the outset it looks kind of odd - why not just bridge ether1 and ether2 and let the vlan traffic just travel through like any other?
by bjohns
Wed Mar 14, 2007 4:33 am
Forum: General
Topic: Dynamic queues for Hotspot
Replies: 5
Views: 1319

Edit the 'Rate-Limit' attribute within the Hotspot User Profile. Or if using radius set the Mikrotik-Rate-Limit attribute.
by bjohns
Thu Mar 08, 2007 6:00 am
Forum: General
Topic: ELDAP Authenication
Replies: 4
Views: 1156

LDAP is a protocol used by many different systems/products, the same goes for RADIUS.

How do you propose for us to predict which particular implementation of LDAP/RADIUS you intend on using?

Tell us about the intended environment and exactly what you would like to achieve.
by bjohns
Tue Mar 06, 2007 2:37 am
Forum: General
Topic: NetBios traffic over a VPN
Replies: 11
Views: 6385

From the site linked by tneumann:
You can enable NetBT broadcast forwarding (UDP ports 137 and 138) on some routers. However, the practice of enabling NetBT broadcast forwarding to simplify NetBIOS name resolution is highly discouraged.
So I would lean towards WINS.
by bjohns
Tue Mar 06, 2007 1:31 am
Forum: General
Topic: NetBios traffic over a VPN
Replies: 11
Views: 6385

Usually UDP broadcast forwarding, think DHCP relay with a different destination port (137 instead of 67).
Sounds like something you can mimic using RouterOS, if not then maybe MT would like to include something like this?
by bjohns
Tue Mar 06, 2007 12:04 am
Forum: General
Topic: NetBios traffic over a VPN
Replies: 11
Views: 6385

Setting up a WINS server isn't that difficult - if there's a windows server then its just turning it on. Otherwise Samba is excellent. This would be my suggestion for a client/server style VPN.

Interesting the Linksys ones do this - I might investigate them further and see what kind of magic it is.
by bjohns
Thu Mar 01, 2007 7:41 am
Forum: Wireless Networking
Topic: Cusomer Accounts and Billing/Payment Solution
Replies: 47
Views: 14556

Sorry to bump and old thread for self gratification - but given the hits on my blog originating from this thread I think there must be some interest in what I'm doing. http://naturalnetworks.blogspot.com/2007/03/revised-hotspot-interface.html Nearly finished the remote hotspot interface. Now have Pa...
by bjohns
Thu Mar 01, 2007 1:12 am
Forum: General
Topic: Change of Authorization with FreeRadius and Mikrotik
Replies: 6
Views: 5618

http://wiki.freeradius.org/Radclient
echo "Framed-IP-Address=<client ip>,Rate-Limit=<limit values>" | /usr/local/bin/radclient <routeros ip>:1700 coa s3cr3t
by bjohns
Wed Feb 28, 2007 12:06 am
Forum: General
Topic: Hotspot giving Vista BSOD
Replies: 8
Views: 1653

I would contact microsoft. If something as simple as a browser redirect is causing a BSOD it needs to be fixed by them, not mikrotik.
No, Mikrotik should support chickens :P
by bjohns
Tue Feb 27, 2007 1:38 pm
Forum: General
Topic: AMD Geode SC1100 Discontinued?
Replies: 6
Views: 1475

Jimojo are in direct competition, and I've attempted contact with Goldentek some time ago and received no response. Thus why I have been a happy wrap customer because of a very good local supplier of that equipment.
by bjohns
Tue Feb 27, 2007 1:31 pm
Forum: General
Topic: AMD Geode SC1100 Discontinued?
Replies: 6
Views: 1475

For a MIPS based solution I'm sure the Infineon chip is great. Still waiting on a local supplier of RouterBoards tho ;)

It looks like the new AMD Geode LX800's will be used in the wrap boards:

http://www.amd.com/us-en/ConnectivitySo ... 22,00.html
by bjohns
Tue Feb 27, 2007 7:32 am
Forum: Wireless Networking
Topic: Hotspot question
Replies: 3
Views: 844

I would just get some off the shelf AP that supports WDS and install it as a repeater at the other location.
by bjohns
Sat Feb 24, 2007 1:36 am
Forum: General
Topic: tcp window size...
Replies: 16
Views: 5201

The RFC indicates that TCP Window Scaling occurs at the transport layer. Makes sense to me since it's a transport layer protcol... The window scale extension expands the definition of the TCP window to 32 bits and then uses a scale factor to carry this 32-bit value in the 16-bit Window field of the ...
by bjohns
Thu Feb 22, 2007 12:07 am
Forum: General
Topic: AMD Geode SC1100 Discontinued?
Replies: 6
Views: 1475

AMD Geode SC1100 Discontinued?

...the AMD Geode SC1100 processor has been discontinued, and the 266MHz processor is no longer available. Supplies of the 233MHz processor are also limited. This means that the WRAP and net4801 boards have to be redesigned to accommodate a new processor. News from the manufacturers is that this pro...
by bjohns
Mon Feb 19, 2007 2:00 pm
Forum: General
Topic: Attributes for use with Freeradius
Replies: 8
Views: 1791

Rate-Limit += 128k/512k 256k/512K 64K/128K 60/60 5

That will do what you ask, bursting for 60 seconds on each, and will assign a priority of 5 to each queue.
by bjohns
Sat Feb 17, 2007 2:20 pm
Forum: Wireless Networking
Topic: Cusomer Accounts and Billing/Payment Solution
Replies: 47
Views: 14556

I wasn't referring to Wireless Orbit, just the operating over water part.
by bjohns
Sat Feb 17, 2007 3:45 am
Forum: General
Topic: RTL8110SC Realtek Chipset
Replies: 9
Views: 2888

Same for me, I would like to use the Commell LE565 platform (1GHz Via, 4 x Realtek RTL 8110S-32 Gigabit Ethernet controller) instead of the LE564 one (533MHz Via, 4 x Realtek 8137C+ 10/100 Mbps).
by bjohns
Thu Feb 15, 2007 8:22 am
Forum: Wireless Networking
Topic: Ubiquiti 600 mw card out for 2 and 5 Ghz
Replies: 59
Views: 13294

-- More time and money to eat pizza, drink beer, sleep. I didn't see that on the spec sheet, how do you know of this feature? :P I'll try one or two out when the local supplier gets them in. The only time we use higher power is when using a very low gain antenna - ie to get the maximum vertical cov...
by bjohns
Wed Feb 14, 2007 10:42 am
Forum: General
Topic: WISPr-Session-Terminate-Time error
Replies: 7
Views: 3299

So the time should be in 24hr format then?

Thanks.
by bjohns
Wed Feb 14, 2007 8:53 am
Forum: Wireless Networking
Topic: Remote solar powered AP - UPS suggestions?
Replies: 18
Views: 3413

That sounds similar to using a Cisco router as a terminal server - telnet to port 200x for each async port to test/configure the analog modems. I'll definitely have a look at this since it could also be used for remote environment monitoring. Just tested it with a Linksys SRW224G4 switch and it work...
by bjohns
Wed Feb 14, 2007 12:15 am
Forum: General
Topic: WISPr-Session-Terminate-Time error
Replies: 7
Views: 3299

I had considered that but the manual says:

T - either "A" for AM, or "P" for PM;

So I thought "T" was merely a gap filler to be replaced with A or P?
by bjohns
Tue Feb 13, 2007 6:47 am
Forum: General
Topic: WISPr-Session-Terminate-Time error
Replies: 7
Views: 3299

WISPr-Session-Terminate-Time error

Receiving an error when passing this attribute to the Hotspot: Required format: YYYY-MM-DDThh:mm:ssTZD hotspot,error,info,debug testuser10 (172.16.101.250): ignoring invalid session terminate time <2009-05-07P11:59:59+10:00> from RADIUS Manual says that TZD can be in the form of: +hh:mm", "+hhmm", "...
by bjohns
Tue Feb 13, 2007 12:24 am
Forum: Scripting
Topic: Redirect hotspot user to different page
Replies: 14
Views: 5742

On the login page you will need to 'capture' the link-orig var and save it somewhere, like in the users session/cookie. Then you can recall it from the status screen.

The MT lets go as soon as it submits the form data, so it wouldn't know anything about your status screen.
by bjohns
Mon Feb 12, 2007 3:12 am
Forum: Wireless Networking
Topic: How much can a cable bend?
Replies: 10
Views: 1903

Also don't forget there's LOTS of connector styles out there and the chances are that you can find one that suits your particular application - ie a right angle entry.
by bjohns
Sun Feb 11, 2007 9:16 am
Forum: Wireless Networking
Topic: Hotspot Problem
Replies: 4
Views: 1032

If appropriate, you could also look at setting up a VirtualAP for hotspot clients.
by bjohns
Sun Feb 11, 2007 9:09 am
Forum: General
Topic: all features of winbox in webbox
Replies: 14
Views: 4574

I agree that the webbox should not include the 'full' feature set as winbox does - however I think it should be brought up to a feature level equal to that of say a Linksys or Netgear firewall/router.
by bjohns
Sat Feb 10, 2007 1:46 pm
Forum: General
Topic: BETA Testing and Feature Suggestions for next routeros
Replies: 329
Views: 76733

In addition to waiting to hear from the users on what they would like implemented - I would hope MT are looking to the competition on what they are offering. For example Vyatta may be a young project but it's got a nice wish list that would be worth a look. I have mentioned various features of Colub...
by bjohns
Sat Feb 10, 2007 7:52 am
Forum: General
Topic: HotSpot HTTP-CHAP/RADIUS authentication
Replies: 5
Views: 3743

I touched upon methods of passing the MD5 encrypted password from the backend to the MT for authen. I couldn't work it out when I tried but I might revisit it again now that I have a few more ideas on how to do it.

I'm currently using https login.
by bjohns
Fri Feb 09, 2007 7:09 am
Forum: Wireless Networking
Topic: Xtreme Ubiquiti Range 2/3/5
Replies: 8
Views: 2315

I wonder if the ESD/EMP protection will fix up the woes people have been having with the Pacific Wireless collinear antennas?

They look good on paper and if the SR series is anything to go by they should be good performers.
by bjohns
Wed Feb 07, 2007 4:14 am
Forum: General
Topic: Hotspot+Transparent Proxy+Hotmail
Replies: 2
Views: 1125

Hotspot+Transparent Proxy+Hotmail

I noticed there are a few bug fixes re IE6+Proxy regarding Hotmail access but just now I had a user who kept receiving a '400' error from the routeros proxy after submitting to the 'live sign-in'. I disabled transparent proxy in the default hotspot user profile and this fixed the issue. RouterOS ver...
by bjohns
Wed Feb 07, 2007 1:32 am
Forum: General
Topic: Hotspot Radius auto-logoff
Replies: 13
Views: 3738

With FreeRADIUS you tweak the sql.conf file.
by bjohns
Tue Feb 06, 2007 3:21 am
Forum: Wireless Networking
Topic: Why p2p kills 2.4Ghz network ?
Replies: 8
Views: 1793

I would say its the small packets that cause the most problems. Nstream assists because of its packet packing and polling mechanisms.

I supply a few student accommodation sites via a wireless backhaul and NStream deals with the torrent traffic nicely.
by bjohns
Sat Jan 27, 2007 10:00 am
Forum: Wireless Networking
Topic: Cusomer Accounts and Billing/Payment Solution
Replies: 47
Views: 14556

Yeah, just a little bit of experience :P I get best results using horizontal, most of my installations have either a PacWireless 4 (10dBi) or 12slot (15dBi) waveguide. Some omni-directional (double sided) for repeaters. They seem to perform a lot better than verticals over water. Plus they have a bi...
by bjohns
Mon Jan 22, 2007 1:25 pm
Forum: General
Topic: BETA Testing and Feature Suggestions for next routeros
Replies: 329
Views: 76733

To add yet another use for serial port interaction. Many modern charge controllers also have serial interfaces. Having the ability to read this data via the MT would save monitoring equipment at the very least.
by bjohns
Mon Jan 22, 2007 10:41 am
Forum: General
Topic: hotspot user profiles
Replies: 3
Views: 2003

Yes, rate-limit lets you set pretty much everything queue wise.

However I'd like a upload/download MB limit. Ie trial user profile permitting 50MByte download quota.
by bjohns
Mon Jan 22, 2007 5:50 am
Forum: General
Topic: isolate each port?
Replies: 8
Views: 1405

does anyone know if the MT Vlan Tags are compatable with a Cisco 1900 or 2900XL? tks
29xx running 802.1q, yes. 19xx no. You can run ISL into a 29xx and map them to dot1q before sending to MT.
by bjohns
Sun Jan 21, 2007 11:54 pm
Forum: General
Topic: isolate each port?
Replies: 8
Views: 1405

Private VLAN Edge (PVLAN):
http://www.cisco.com/en/US/tech/tk389/t ... _home.html

Dunno about the 1900 series, probably individual VLANs. I use PVLANs on SMC TigerAccess 7724 VDSL switches with success.
by bjohns
Sun Jan 21, 2007 1:07 am
Forum: General
Topic: Configuring VLAN between Cisco 1900 and RouterBoard 500
Replies: 6
Views: 1690

A good trick is to set up your 1900's all over the place and consolidate them into a 2900 and then use vlan mapping to map the ISL trunks to 802.1q ones.
by bjohns
Wed Jan 17, 2007 1:15 am
Forum: General
Topic: Sniff port int1>int3 (duplicated out int)
Replies: 4
Views: 722

Running the 'Packet Sniffer' tool and streaming it to the PC not appropriate?
by bjohns
Wed Jan 17, 2007 1:08 am
Forum: General
Topic: Small suggestion regarding Hotspot+SSL
Replies: 0
Views: 995

Small suggestion regarding Hotspot+SSL

When using a SSL certificate to secure a hotspot - why not grab the dns name from the certificate and automatically assign it to the hotspot?

I'm not sure how this would work for a wildcard cert tho.
by bjohns
Tue Jan 16, 2007 12:48 pm
Forum: General
Topic: Need a consultant for BGP setup
Replies: 6
Views: 1193

As much as I would like to play around with such a network, BGP isn't my main area.

How on earth did you score a /22 in Australia?!?!? Did you ram-raid a university data facility or something?

How much did the AS set you back, if you don't mind me asking?
by bjohns
Tue Jan 16, 2007 12:46 pm
Forum: Wireless Networking
Topic: 2.4Backbone and 2.4 Local
Replies: 13
Views: 1492

Pacwireless makes a few. But I haven't used any myself. I only use 2.4Ghz Vert. antennas for small hotspot repeaters, never on towers. I usualy start with 90* and work down from there. Yes, their horizontal sector/omni's are same as what we use (but resold as 'Hills Antennas' over here) as linked a...
by bjohns
Tue Jan 16, 2007 9:53 am
Forum: Wireless Networking
Topic: Pros & Cons - Single radio APs vs. Multi-radio APs
Replies: 6
Views: 1347

Have you tried running MT on the WRAPs? I haven't had any problems with a MT/WRAP combination.
by bjohns
Tue Jan 16, 2007 9:39 am
Forum: Scripting
Topic: Hotspot - Location/Location ID
Replies: 3
Views: 2099

Variables
$(location-id)
$(location-name)
are available in all hotspot html pages. It was added in version 2.9.36.
Excellent! Thanks.
by bjohns
Tue Jan 16, 2007 1:57 am
Forum: Scripting
Topic: Hotspot - Location/Location ID
Replies: 3
Views: 2099

Any other advice on how to send back the location-id of the hotspot to the remote login site?
by bjohns
Tue Jan 16, 2007 1:52 am
Forum: Wireless Networking
Topic: 2.4Backbone and 2.4 Local
Replies: 13
Views: 1492

I think Janisk was trying to be funny. I hope!
I was wondering if he was, but with all the weird antennas kicking around these days who knows.
by bjohns
Tue Jan 16, 2007 1:44 am
Forum: General
Topic: Problem with 512MB CF Card
Replies: 12
Views: 1690

64 MB Biwin cards are incredible when they are fixed.
When fixed?
by bjohns
Mon Jan 15, 2007 3:54 pm
Forum: Wireless Networking
Topic: Subnet Size
Replies: 2
Views: 551

a /23 will give you 510 usable addresses.

I'm guessing that you'll make that the address pool to assign to each connection? If so then each link will be a /32 anyway and broadcast traffic etc should be minimal I think. I might be wrong tho.
by bjohns
Mon Jan 15, 2007 3:45 pm
Forum: Wireless Networking
Topic: 2.4Backbone and 2.4 Local
Replies: 13
Views: 1492

What does a horizontally polarized Omni directional antenna look like ? Regards Piri http://photos1.blogger.com/blogger/4418/1475/1600/MagneticIs_05.jpg That's a 16.5dBi 12 Slot WaveGuide 95° Sector. You can get 13dBi (double sided) that covers 360° (omni) and smaller ones that are 12dBi and 9dBi r...
by bjohns
Mon Jan 15, 2007 11:15 am
Forum: Wireless Networking
Topic: 2.4Backbone and 2.4 Local
Replies: 13
Views: 1492

We do this often. Vertical polarised directional with a Horizontal polarised onmi/sector. Keep the antennas as far apart as possible and use Ch 1 and 11 etc.
by bjohns
Mon Jan 15, 2007 11:05 am
Forum: General
Topic: Problem with 512MB CF Card
Replies: 12
Views: 1690

our tested sandisk worked.
Apparently there are quite a few 'fake' sandisk cards going around too - something to be wary of.

I use Sandisk and 'Biwin' (cheap, but they work).
by bjohns
Mon Jan 15, 2007 2:40 am
Forum: General
Topic: [RFC] Network Build for Student Accommodation Network
Replies: 7
Views: 1202

Yes, they should not appear on the VLAN interface. Maybe you should have MT support look into this, could be a bug...

--Tom
Okay, I'll test a bit further (using bridge/no bridge etc) and send off the supout.

Current Topology
by bjohns
Sun Jan 14, 2007 2:48 pm
Forum: General
Topic: Radius Server versus MT User Manager
Replies: 3
Views: 834

The User Manager is a fairly new addition to RouterOS. Also many people use commercial/custom ISP billing systems that use radius.
by bjohns
Sun Jan 14, 2007 2:45 pm
Forum: General
Topic: [RFC] Network Build for Student Accommodation Network
Replies: 7
Views: 1202

I will go with 3 MT systems, each with one vlan per campus. Then run pppoe and hotspot on this shared vlan with shared ip pool. I was considering something like this. I might actually do so now. About the issue - may be untaged frames are going into router via ether2 interface, not via valn subinte...
by bjohns
Sun Jan 14, 2007 12:53 pm
Forum: General
Topic: [RFC] Network Build for Student Accommodation Network
Replies: 7
Views: 1202

I was hoping to run both the PPPoE and Hotspot on the one interface with the appropriate security in place. Pairing up VLANs into bridges would allow me to run three sets of services instead of six, one service type per each location. What I will do is include a dedicated PPPoE concentrator that wil...
by bjohns
Sat Jan 13, 2007 3:06 pm
Forum: General
Topic: [RFC] Network Build for Student Accommodation Network
Replies: 7
Views: 1202

Been testing things and I've come across something odd. All 6 VLANs are on ether2 (on the test box, single interface). I have these combined into pairs using three bridges. When I connect straight to ether2 to run some test on a default setup I have on that interface, the router assumes all traffic ...
by bjohns
Sat Jan 13, 2007 8:18 am
Forum: General
Topic: src and dest address
Replies: 6
Views: 1067

With the pcq-clasifier option, can you have both src & dst in the same one? Just use th eone for upload and download? Thanks One in each. If you did both in one then it would be per each and every connection (or sets with same src/dst) - good if you want to set a maximum 'per connection' limit but ...
by bjohns
Sat Jan 13, 2007 2:43 am
Forum: General
Topic: src and dest address
Replies: 6
Views: 1067

Thanks :-)

So for a normal download src-adreess would be a webserver and dst-addtress would be customer?

Thanks
That depends on what chain etc. Eg:

Input chain - dst-address = router
Output chain - dst-address = web
Forward chain - dst-addres = hosts/web
by bjohns
Fri Jan 12, 2007 3:29 pm
Forum: General
Topic: What size DOM / Disk On Module to purchase?
Replies: 6
Views: 1108

which is good enough and since I wont be caching anything I should be in great shape.
Could always use the 4Gb hdd as a cache drive - it's not like its good for much else anyway.
by bjohns
Fri Jan 12, 2007 2:47 pm
Forum: General
Topic: [RFC] Network Build for Student Accommodation Network
Replies: 7
Views: 1202

[RFC] Network Build for Student Accommodation Network

Hello, I'm in the process of creating a config (MT RouterOS 2.9.38) for a Hotspot+PPPoE network to suit a 3 campus, 950 Room on-campus student accommodation network. I would like to hear other peoples opinions on what I have so far, to make sure no issues spring up during install and production. Par...
by bjohns
Fri Jan 12, 2007 3:38 am
Forum: Scripting
Topic: Hotspot - Location/Location ID
Replies: 3
Views: 2099

Hotspot - Location/Location ID

Hello, Referring to the Location ID and Location Name RADIUS values in the Hotspot Server Profiles. Are these values available as a var in the hotspot login page? I want the location passed back to the backend server, and it would be better if I could avoid statically setting this in the login redir...
by bjohns
Thu Jan 11, 2007 1:55 pm
Forum: General
Topic: http://www.mikrotik.com/docs/ros/2.9/guide/accounting
Replies: 10
Views: 1684

We just devised a php script that grabs the list of gateways from the radius NAS/client table in mysql and gets the output from the cgi and records the values into another table. Main reason was to gather 'free' traffic and credit it back to the user accounts. I'll see about posting it here once we'...
by bjohns
Wed Jan 10, 2007 12:27 am
Forum: General
Topic: How much Mikrotik can Handle
Replies: 42
Views: 8609

I can source them locally for $1150AUD, that's with 768MB memory. So your prices are comparable (1AUD ~= 0.75USD).
by bjohns
Tue Jan 09, 2007 9:04 am
Forum: General
Topic: How much Mikrotik can Handle
Replies: 42
Views: 8609

bjohns, so what about your expirience with VIA-based device?
The project has reached the 'red tape' stages of legal agreements etc. I expect to have something on the bench in the next few weeks.
by bjohns
Mon Jan 08, 2007 2:05 pm
Forum: General
Topic: UDP connections
Replies: 4
Views: 1163

'torrent traffic does tend to lead to network issues, especially in regards to congestion and general router loads. The sheer number of connections generated by a single user can be considerable. First I would limit the number of connections a single user can have. There's not really any point tryin...
by bjohns
Sun Jan 07, 2007 12:30 pm
Forum: General
Topic: 2.9.39 is out
Replies: 10
Views: 1739

Re: 2.9.39 is out

I'm just about to roll out a wifi network using nstream+wpa2... Tip: stick to fixed key for static links. It's replacing a Proxim network btw - no one, not even Proxim themselves, can find a fix for the MP.11a's constant packet loss :/ Somehow i've heard that one before. How does it appear? Yep, us...
by bjohns
Fri Jan 05, 2007 2:10 pm
Forum: Wireless Networking
Topic: Time out and Lantency
Replies: 22
Views: 3441

Only during the night? What's the environment like? Does it occur during summer/winter etc?
by bjohns
Fri Jan 05, 2007 2:00 pm
Forum: General
Topic: 2.9.39 is out
Replies: 10
Views: 1739

Re: 2.9.39 is out

*) fixed encrypted link establishment when using nstreme; What are the specifics of this particular fix? I'm just about to roll out a wifi network using nstream+wpa2... It's replacing a Proxim network btw - no one, not even Proxim themselves, can find a fix for the MP.11a's constant packet loss :/
by bjohns
Thu Jan 04, 2007 1:06 pm
Forum: General
Topic: RouterOS "ARP syndrome" or "ARP leak"
Replies: 12
Views: 2579

in linux and routeros the address belongs to the router, not to the interface. the router will answer regarding all it's addresses. the interface entity is only used to create the default route, and that is it's only use
I believe this to be the case with most, if not all real routers.
by bjohns
Thu Jan 04, 2007 12:12 pm
Forum: Wireless Networking
Topic: Max output power in Australia
Replies: 4
Views: 875

Looking through the news section and found this too: ACMA seeks comments on proposals for broadband wireless access services in regional areas in the band 1785-1795 MHz and remote areas in the band 1785-1805 MHz Should I bug MT regarding the support of the random radio devices that will pop out to s...
by bjohns
Thu Jan 04, 2007 11:59 am
Forum: Wireless Networking
Topic: Max output power in Australia
Replies: 4
Views: 875

ACMA approved power limits : 915 MHz - 928 MHz Not exceeding 1W EIRP 2400 MHz - 2483.5 MHz Not exceeding 4W EIRP 5150 MHz - 5350 MHz Not exceeding 200mW EIRP 5725 MHz - 5850 MHz Not exceeding 4W EIRP So what's been suggested to you is half correct. The 5GHz ISM band is split into two parts in Austr...
by bjohns
Sun Dec 31, 2006 10:38 am
Forum: General
Topic: Mitigating Hotspot Trial-User abuse?
Replies: 1
Views: 694

Mitigating Hotspot Trial-User abuse?

I would like to know what other people are doing to control abuse of the trial-user facility. I find some people like to abuse it by changing their MAC address after the session time is consumed and simply continue on. I would like a method of obtaining a 'signature' of such users and deny them acce...
by bjohns
Fri Dec 29, 2006 7:20 am
Forum: General
Topic: MIKROTIK AND TV
Replies: 4
Views: 1285

If it is the Cat5, stick a ferrite choke around it, close where it meets the unit outside.
by bjohns
Wed Dec 27, 2006 2:03 am
Forum: Wireless Networking
Topic: wireless interface driver problems
Replies: 4
Views: 934

I've seen the same behavior but only with the NMP-8602 PLUS. It would appear to be that the WRAP1 does not like that particular adapter. The same adapter works fine in a WRAP2. I've tried many different boards and adapters however that combination always has the problem described by the OP. This is ...
by bjohns
Sun Dec 24, 2006 6:05 am
Forum: Wireless Networking
Topic: WDS Configuration
Replies: 11
Views: 2647

WiFi is half duplex, therefore to repeat you loose half your bandwidth. Otherwise use two radios.

Doesn't have anything to do with WDS specifically, they're just saying that repeating using WDS will demonstrate that behavior.
by bjohns
Wed Dec 20, 2006 12:55 am
Forum: General
Topic: ssl certificate
Replies: 3
Views: 1063

Not sure about that one, I manually apply the certificates.

Best ask in 'scripting' - I would hazard a guess that an expect script of some kind would be used.
by bjohns
Sat Dec 16, 2006 4:01 am
Forum: General
Topic: ssl certificate
Replies: 3
Views: 1063

I found the same thing. Certificates have to be in / to work.
by bjohns
Thu Dec 14, 2006 1:55 am
Forum: General
Topic: Hotspot problem with Apple Mac
Replies: 4
Views: 1665

Looks like maybe a builtin firewall is blocking part of the DHCP handshake.
Maybe, but this is usually represented by a 'Offered' with no 'Assigned' in the dhcp logs.

What's the DHCP Server config on the hotspot?

I'd be interested to see what the ARP table is doing as well.
by bjohns
Wed Dec 13, 2006 12:31 pm
Forum: General
Topic: altering byte counter on pppoe interface
Replies: 7
Views: 1354

And what would be the use for that?
Probably to discount free traffic or something like that.
by bjohns
Sat Dec 09, 2006 12:41 am
Forum: General
Topic: *Smarter* Bandwidth Control and Accounting
Replies: 7
Views: 4520

I am faced with the same issue. It would be nice to have the ability to remove accounting for certain source/destination addresses before it gets sent to the radius server. Currently my option is to use Netflow/cgi to pull all the accounting data off the router, add up all the free traffic per user ...
by bjohns
Thu Dec 07, 2006 7:23 am
Forum: General
Topic: How much Mikrotik can Handle
Replies: 42
Views: 8609

The 978 Mbit was in EACH dirrection. I am going to see if I cant feneggle some 10Mbit cards out of Intel to try out... Now,,, Who can I scrounge a 10Gigabit switch from ??? Hmmm..... Craig You mean 10Gbit cards right? You've said 10Mbit twice now and I think you'll find them harder to find new than...
by bjohns
Wed Dec 06, 2006 7:03 am
Forum: Wireless Networking
Topic: switch ALL APs to single SSID?
Replies: 18
Views: 2686

I guess you could use a ping script/netwatch to shutdown the wireless upon failure?
by bjohns
Mon Dec 04, 2006 1:21 pm
Forum: General
Topic: GIS/WISPr xml pages for hotspot smart client support 2.9.36
Replies: 4
Views: 2465

I solve this problem because I configure all my mt with the same domain in the hotspot interface. So I bought the SSL cert for this domain and I installed in all my hotspots. Yes, iPass want that valid SSL in place - can't use a dummy cert. It would be nice if they issued them under their own CA an...
by bjohns
Mon Dec 04, 2006 1:15 pm
Forum: General
Topic: more PPPoE Server
Replies: 6
Views: 1321

Sounds like a client issue. Each PPPoE service on the line will respond to the PADI packet with a PADO packet. The client will isolate which one it wants to use based upon the Service Name. So if the client is ignoring all the other offers and only looking for the set one... PADI Payload: PPPoE Tags...
by bjohns
Mon Dec 04, 2006 1:06 pm
Forum: General
Topic: Wireless Driver Changes?
Replies: 1
Views: 1199

Re: Wireless Driver Changes?

Also, I while ago their was a big flame war about routerOS and small packets, will there be any change with this?
I'd be interested in anything that can address the small packet issue too.
by bjohns
Mon Dec 04, 2006 1:03 pm
Forum: General
Topic: GIve us a WGET
Replies: 11
Views: 4898

why do you want to configure all your routers to do something, that can be done on one PC that does the `push` thing. A combination of the two is used by other hotspot access controllers. Set up a radius user for the access controller that contains a bunch of AVPair attibs with values like login-ur...
by bjohns
Mon Dec 04, 2006 12:51 am
Forum: Wireless Networking
Topic: switch ALL APs to single SSID?
Replies: 18
Views: 2686

We cover a few buildings in a similar fashion and we just use a single ssid - the clients are pretty good at picking the best source and not hopping between APs. Haven't had any issues relating specifically to that anyway.
by bjohns
Sat Dec 02, 2006 7:53 am
Forum: General
Topic: freeradius vs mikrotik
Replies: 1
Views: 727

by bjohns
Fri Dec 01, 2006 3:15 am
Forum: General
Topic: Limit bogus ssh logins solved (at least for me)
Replies: 10
Views: 3658

I was going to work out something similar to that, but I'm lazy :D

Thanks, I'll stick that into the configs.
by bjohns
Fri Dec 01, 2006 3:11 am
Forum: General
Topic: Torch screen capture - What do you think he/she is doing?
Replies: 13
Views: 2914

could be encrypted uTorrent or Azureus these can't be dropped? Not easily - deep packet inspection isn't possible due to the encryption. Other means of tagging the packets will need to be devised and I think that's easier said than done. I haven't specifically looked at such traffic although if the...
by bjohns
Thu Nov 30, 2006 9:56 am
Forum: General
Topic: Send Variables to external login page - n00b - SOLVED
Replies: 3
Views: 940

I use this as the login.html page on the MT: <html> <title>...</title> <body> <form name="redirect" action="https://remote.web.serv/login.cgi" method="post"> <input type="hidden" name="mac" value="$(mac)"> <input type="hidden" name="ip" value="$(ip)"> <input type="hidden" name="hostname" value="$(ho...
by bjohns
Mon Nov 27, 2006 10:02 am
Forum: Wireless Networking
Topic: Cusomer Accounts and Billing/Payment Solution
Replies: 47
Views: 14556

It's not too difficult to write your own interface. Like I wouldn't call myself a programmer but I managed to get most if not all the features I want out of a hotspot 'self manage' interface. I wrote mine using Perl. I will eventually bundle it up for release. However I don't think I can make it ope...
by bjohns
Thu Nov 23, 2006 7:17 am
Forum: General
Topic: remote reboot = dangerous?
Replies: 8
Views: 2103

Regarding WRAPs, the x86 package includes routerboard.npk. We have found a newly flashed WRAP will hang -once- when first setup requiring a manual power cycle then no problem with reboots. Same here, got plenty kicking around that have no problems with field resets as long as the routerboard packag...
by bjohns
Tue Nov 21, 2006 11:42 am
Forum: Wireless Networking
Topic: Access Point
Replies: 23
Views: 3466

The larger units have a GPS receiver as a time source. Yes, I heard they had GPS, I thought it was used as a clock-source for the TDM, not for co-ordination among radios. NStream polling is good, but having the router co-ordinate among multiple radios could be beneficial. Like polling on steroids. ...
by bjohns
Tue Nov 21, 2006 5:14 am
Forum: Wireless Networking
Topic: Periodic Calibration
Replies: 12
Views: 6302

I'm pretty sure there's a thread kicking around here that explains it. If I remember correctly it was a method where the radio can 'recalibrate' itself to adjust for extreme temperature changes and other environmental effects. http://www.freepatentsonline.com/6272322.html turned up in a google searc...
by bjohns
Tue Nov 21, 2006 4:58 am
Forum: General
Topic: :: telephony not fuctionig ::
Replies: 13
Views: 2326

telephony is supported in 2.9.x ... but you read the release notes for 3.x and it specifically says its being removed.
Yes, I saw that it was getting dropped in 3.x in the change logs too.

I was hoping it was making way for SIP support :D
by bjohns
Mon Nov 20, 2006 12:49 pm
Forum: Wireless Networking
Topic: Access Point
Replies: 23
Views: 3466

AFAIK The Motorola Canopy system uses Time Division Multiplexing - which is what I think this thread is hinting upon when saying things like 'TX Synchronization'. They have taken it a step further allowed multiple APs to co-ordinate. MT might be able to achieve something similar by using their NStre...
by bjohns
Mon Nov 20, 2006 12:23 pm
Forum: General
Topic: are happy v2.9.36
Replies: 17
Views: 3732

added GIS/WISPr xml pages for hotspot smart client support;

IPass support?! Fantastic. Just in time too.

FYI http://www.pcca.org/standards/architect ... _pwlan.pdf
by bjohns
Fri Nov 17, 2006 1:25 am
Forum: Scripting
Topic: How to change hotspot script status.html...
Replies: 12
Views: 7067

I got around 'most' pop-up blockers by sneaking a 'onclick' into a submit button. Tied it to some js that forms a new window and populates it with a refresh/redirect meta tag that brings up the status window. So it appears to the browser that it's a user requested pop-up. Some zealous blockers preve...
by bjohns
Tue Nov 07, 2006 4:09 am
Forum: General
Topic: system reboots
Replies: 6
Views: 1154

I only have 5 sites running 2.9.32, the rest are running 2.8.28, the two best are as follows: PPPoE Concentrator [admin@Unicentral_GW] system resource> print uptime: 227d18h49m36s free-memory: 52724 kB total-memory: 257228 kB cpu: Intel(R) cpu-frequency: 2800 MHz cpu-load: 2 free-hdd-space: 24335 kB...
by bjohns
Mon Oct 30, 2006 12:33 am
Forum: General
Topic: Feature request (network blacklists)
Replies: 16
Views: 6116

I will also create a script on *nix that runs and ssh's this lists to whatever boxes you have.
Or use the fancy API :)
by bjohns
Mon Oct 30, 2006 12:30 am
Forum: General
Topic: Add Signal str/ccq/spd value to Hotspot attribs
Replies: 0
Views: 1139

Add Signal str/ccq/spd value to Hotspot attribs

As per http://forum.mikrotik.com/viewtopic.php?t=11532 It would be nice to include something like $sigstr, $sigccq and $sigspd or something in the values available in the hotspot interface. While I understand that this information is moot given that the user would have to be connected to see it - it...
by bjohns
Thu Oct 26, 2006 4:19 am
Forum: General
Topic: IP / VPN tunnel question
Replies: 8
Views: 1823

PPTP is probably your best bet, quite common and there isn't a whole lot to think about. L2TP is a little more involved when adding IPSec. I run an older MT 2.8.26 as a VPN concentrator - takes PPTP/L2TP/IPSec and I've hooked up all sorts of consumer routers to it. IPSec takes a bit of fiddling but ...
by bjohns
Thu Oct 26, 2006 2:17 am
Forum: General
Topic: IP / VPN tunnel question
Replies: 8
Views: 1823

From a Cisco perspective, IPIP is as basic as tunnels can get - absolutely no encryption or identity protection at all. It simply lets you sneek a subnet over others.
by bjohns
Thu Oct 26, 2006 2:15 am
Forum: General
Topic: licence diference!!
Replies: 8
Views: 1853

Hmm, I didn't notice that before - I would have ordered lvl5 licenses.

It would be better to have the RIP versions in all levels, and include OSPF etc in >=lvl5. Since most off the shelf firewalls/routers these days come with some kind of RIP support.
by bjohns
Wed Oct 25, 2006 8:47 am
Forum: General
Topic: Dual Core CPU or Single
Replies: 9
Views: 2540

Yes, it's not supported yet, but it's available in the 3beta if you're that desperate:

*) added initial support for SMP on x86 (use it on your own risk);

Apparently a 233MHz WRAP can push 40Mbit/sec raw - so on your box I would expect much better as suggested by jo2jo.
by bjohns
Tue Oct 24, 2006 1:42 am
Forum: General
Topic: API docs
Replies: 32
Views: 11048

Excellent. Need someone to roll it all up in a Perl module :D
by bjohns
Wed Oct 18, 2006 12:25 am
Forum: General
Topic: Pasting Config in SSH Term error
Replies: 2
Views: 1339

Thanks! I'm not going crazy after all.
by bjohns
Tue Oct 17, 2006 2:39 am
Forum: General
Topic: Pasting Config in SSH Term error
Replies: 2
Views: 1339

Pasting Config in SSH Term error

Using v3.0Beta1. Checking to see if anyone else can reproduce this: I paste the following into a SSH terminal: / ip hotspot add name="Maroochy" interface=hotspot_wds address-pool=Hotspot profile=hsprof1 \ idle-timeout=5m keepalive-timeout=none addresses-per-mac=2 disabled=no And it ends up as: [admi...
by bjohns
Thu Oct 05, 2006 6:19 am
Forum: General
Topic: 2.9.31
Replies: 5
Views: 3743

Tested okay on the bench with my various hotspot configs. Going to roll it out next week.
by bjohns
Mon Oct 02, 2006 2:49 am
Forum: General
Topic: Using HTTPS sign-on with hotspot consumes all memory
Replies: 7
Views: 5719

I'm using HTTPS login with the hotspot - no where near as many users but I have seen no unusual memory behaviour.

There could very well be an issue running that many clients with https logins. Thus why you should send the supout to MT.
by bjohns
Fri Sep 22, 2006 2:57 am
Forum: General
Topic: hotspot problem
Replies: 3
Views: 1317

Framed-Route should be an IP Address.
by bjohns
Tue Sep 19, 2006 6:33 am
Forum: Wireless Networking
Topic: Huber+Suhner Gear
Replies: 3
Views: 908

I got the pricing back - costs seem very reasonable.
by bjohns
Sun Sep 17, 2006 2:32 pm
Forum: General
Topic: Advice on remote locations
Replies: 10
Views: 1896

I did a solar powered wireless repeater setup some time ago using a Cisco BR352 Wireless Bridge. http://www.naturalnetworks.net/index.php?option=content&task=view&id=14&Itemid=27 Bloody old now but hopefully some info is still useful. Solar power is pretty much the norm in most parts of Australia si...
by bjohns
Fri Sep 15, 2006 5:05 am
Forum: General
Topic: Hotspot / Splash page help
Replies: 6
Views: 2669

Make sure the hotspots dynamic rules are in the NAT tables - should be a few redirects etc.
by bjohns
Fri Sep 15, 2006 2:11 am
Forum: General
Topic: Hotspot / Splash page help
Replies: 6
Views: 2669

Just use the trial user feature - this is exactly what I've done just recently for a cafe wanting to provide a free hours access every day.

In your case just make it a free 30min every 30min.
by bjohns
Thu Sep 14, 2006 2:19 pm
Forum: General
Topic: Winbox Feature suggestion.
Replies: 37
Views: 13352

When window is hidden behind other windows in WinBox it is unreachable unsil user moves (or closes) all windows to find it. Some option to access any open window is a must.
Yes, something similar to a task bar just for winbox would be handy.
by bjohns
Thu Sep 14, 2006 1:59 am
Forum: General
Topic: Radius Rate-Limit backwards?
Replies: 2
Views: 1475

Best think of it from the routers perspective - RX is what the router is receiving, TX is what it's sending. Same applies to accounting.

Thinking things from the client's perspective is a quick way to get very confused.
by bjohns
Wed Sep 13, 2006 7:46 am
Forum: Scripting
Topic: Netinstall configure script
Replies: 3
Views: 2473

I tried all kinds of formats etc - all the same result until I specified some random text file in the configuration field.

I guess I am the exception :(
by bjohns
Tue Sep 12, 2006 3:51 am
Forum: Wireless Networking
Topic: Huber+Suhner Gear
Replies: 3
Views: 908

Huber+Suhner Gear

Since they're a European brand I thought it best to ask here. I'm interested in their cable, connectors and antennas for use in 2.4/5.8 networks. Has anyone go any feedback about cost/performance? I'm waiting for pricing from the local sales rep. (I hope this isn't stepping on MT's toes - its the no...
by bjohns
Mon Sep 11, 2006 4:13 am
Forum: Scripting
Topic: Another DNS problem
Replies: 2
Views: 960

Easy - this is similar to how the hotspot function does things. In dst-nat set a rule to NAT (not redirect) connections on port 53 (tcp and udp) to the correct DNS server. Turn off the local DNS server. /ip firewall nat add chain=dstnat protocol=udp dst-port=53 action=dst-nat to-addresses=<dns ip> t...
by bjohns
Mon Sep 11, 2006 3:00 am
Forum: Wireless Networking
Topic: 5725 – 5875MHz frequency availability by country
Replies: 10
Views: 1875

http://forum.mikrotik.com//viewtopic.php?t=10096

They'll be addressing that soon I believe.
by bjohns
Fri Sep 08, 2006 4:17 am
Forum: Scripting
Topic: Netinstall configure script
Replies: 3
Views: 2473

Netinstall configure script

I've noticed when using the netinstaller that if you don't specify a configuration script when installing directly to flash (usb card reader etc) the installation fails when installing upon the actual device (a wrap in my case). So is the configure script simply the exported configuration from a MT ...
by bjohns
Sun Sep 03, 2006 7:28 am
Forum: General
Topic: blocking sending of spam mails
Replies: 7
Views: 5695

Probably best use an external MTA that has the appropriate spam filters etc installed. Force mail out via it (nat port 25 out -> mta).

Just make sure you're checking for spam both in and out.
by bjohns
Fri Sep 01, 2006 2:23 am
Forum: Wireless Networking
Topic: HotSpot not redirecting to login page
Replies: 7
Views: 15457

Make sure you have Internet access from the hotspot router (ping from terminal). I find if the Internet is not available, you will not be forwarded to the login page... logical, really Yep, the router won't be able to do a DNS lookup and thus the client won't get a DNS response and will be presente...
by bjohns
Fri Sep 01, 2006 2:17 am
Forum: Wireless Networking
Topic: Antenna Pictures
Replies: 6
Views: 2566

http://members.iinet.net.au/~nbk/antennas/BBG_WG_01.png Spray painting an otherwise white 8 slot waveguide black to blend in with a security camera post http://members.iinet.net.au/~nbk/antennas/Rivergate_WG_RPT_01.png Good example of using a parapit to futher isolate a directional link Some other ...
by bjohns
Wed Aug 30, 2006 8:33 am
Forum: Wireless Networking
Topic: how many concurrent user in 802.11b and 802.11g
Replies: 5
Views: 1379

Fixed or mobile?

For mobile I set to 802.11b for maximum compatibility. For fixed where you have greater control over the remote end then 802.11g will be an option.
by bjohns
Wed Aug 30, 2006 3:46 am
Forum: Wireless Networking
Topic: Power output for Senao NMP-8602
Replies: 39
Views: 13294

I've just changed a few of these radios from +26 to +20 and most got a +3 - +5dB improvement in strength.

I can remember doing this on the bench but thought it was related to something else...
by bjohns
Mon Aug 28, 2006 12:10 pm
Forum: General
Topic: AVPair suggestion?
Replies: 0
Views: 1141

AVPair suggestion?

I've been fidding around with a alternative access controller device (I won't mention it here because it wouldn't be nice) and it has a neat way of getting its configuration via RADIUS. Instead of setting all sorts of things on the controller you simply create a user account for it (in radius) and p...
by bjohns
Mon Aug 28, 2006 6:27 am
Forum: General
Topic: New Vulnerability for Hotspots Networks! Attention!!!
Replies: 2
Views: 2778

I can't see it being that common, however some default rules prevent any client like that from working imo. Ie DNS redirect - this is enabled pretty much by default and redirects all DNS queries to the MT's DNS server. This effectively distroys any chance they have of using their own dodgy DNS serve...
by bjohns
Mon Aug 21, 2006 8:06 am
Forum: General
Topic: VLan Mikrotik vs managed switches
Replies: 3
Views: 3231

Just set each port to their own vlan and then configure port 1 as a trunk port. As for automatically binding mac addresses to the port - your looking at implementing something like 802.1x. Which means installing some sort of suplicant on the customers equipment or updating the radius somehow. If you...
by bjohns
Sun Aug 20, 2006 6:13 am
Forum: General
Topic: Things I've learned about Wireless
Replies: 9
Views: 1621

disable-running-check=yes

does that fix the OSPF Problem?
Yer, it leaves the interface 'up' when there's nothing associated.
by bjohns
Sun Aug 20, 2006 6:03 am
Forum: General
Topic: Things I've learned about Wireless
Replies: 9
Views: 1621

Re: Things I've learned about Wireless

7. default TX power works best :-) 8. Frenal zone os overrated, I have a 40km link on a 1 meter pole. Oh sure, physics in general is completely overrated :shock: I think he's saying that the negative effects of not having >%60 freznal zone are exagerated. Probably a greater issue for radio systems ...
by bjohns
Sun Aug 20, 2006 2:59 am
Forum: General
Topic: If there was a MUM in Australia would you go?
Replies: 20
Views: 3107

Yeah, I'll be there.
by bjohns
Wed Aug 16, 2006 8:35 am
Forum: General
Topic: READ THIS if you use Radius
Replies: 13
Views: 6001

How do you put this in place? the radius updates from MT dont seem to use it looking at the packets
2.9.28 now includes support for those particular attribs:
added support for Recv-Limit-Gigawords and Xmit-Limit-Gigawords Radius attributes for hotspot
by bjohns
Tue Aug 08, 2006 2:33 am
Forum: Scripting
Topic: Free Hotspot user time limitation
Replies: 26
Views: 46503

<div class="notice" style="color: #c1c1c1; font-size: 9px">Please log on to use the mikrotik hotspot service<br />$(if trial == 'yes')Free trial available, <a style="color: #FF8080"href="$(link-login-only)?dst=$(link-orig-esc)&username=T-$(mac-esc)">click here</a>.$(endif)</div><br /> What I like t...
by bjohns
Mon Aug 07, 2006 2:08 pm
Forum: Wireless Networking
Topic: Australia - Release of 5.47 to 5.725GHz spectrum
Replies: 10
Views: 3426

Australia - Release of 5.47 to 5.725GHz spectrum

The ACMA (Australian Communications and Media Authority) has recently expanded the Low Interference Potential Devices class licence to allow the use of the spectrum between 5470 and 5725 MHz for outdoor use in Australia. There are 5 limitations to be aware of: 1. Maximum EIRP is 1 watt averaged over...
by bjohns
Mon Aug 07, 2006 8:09 am
Forum: Scripting
Topic: Free Hotspot user time limitation
Replies: 26
Views: 46503

Are you using the default login page or a custom one? There's a dynamic variable on the default one that detects whether the trial user feature is enabled or not and provides a link if it is enabled. What I like to know is what is the best way to enable the trial user feature using a remote server -...
by bjohns
Fri Aug 04, 2006 7:04 am
Forum: Wireless Networking
Topic: what is better vertical or horizontal polarization antenna
Replies: 6
Views: 3186

We normally use horizontal for most things - unless we're looking for maximum seperation etc.

For a Point-to-Point link we would consider radial too - get the best of both worlds.
by bjohns
Tue Aug 01, 2006 6:50 am
Forum: Scripting
Topic: Status/usage popup window...HoW please? Mine's broken...
Replies: 2
Views: 1473

Yeah, I had to sneek it under a button via a 'onclick' function - so it appears to the browser as a user initiated thing, although this can still be blocked by particularly zealous popup blockers.
by bjohns
Mon Jul 31, 2006 1:50 am
Forum: General
Topic: READ THIS if you use Radius
Replies: 13
Views: 6001

That's why I use Radius interim accounting and the Acct-Input-Gigawords/Acct-Input-Octets/Acct-Output-Gigawords/... attributes with radius accounting. The Gigawords counters exist just to solve that exact problem of the 4 Gig wraparound of 32 bit counters. --Tom I was wondering what they were for a...
by bjohns
Fri Jul 28, 2006 6:37 am
Forum: General
Topic: READ THIS if you use Radius
Replies: 13
Views: 6001

You can do it either way, but if you're already using radius, use radius. radreply: Xmit-Limit (transmit TO client - Downloads) Recv-Limit (receive FROM client - Uploads) Also be aware that sometimes the database column 'AcctOutputOctets' needs to be set to a type that can take a large integer - if ...
by bjohns
Mon Jul 24, 2006 1:04 am
Forum: General
Topic: Layer 7 protocol identification
Replies: 8
Views: 1694

Umm, it would completely defeat the point of https/ssl if you could do that.
Yes, I know that - but even the first request packet is binary (unencrypted) so you can't even mark a SSL session.
by bjohns
Fri Jul 21, 2006 8:34 am
Forum: General
Topic: Hotspot issue
Replies: 5
Views: 1766

Just had the issue with one site - it worked okay for about three weeks. Restarting the hotspot instance didn't work, had to reboot the router.

supout sent.
by bjohns
Fri Jul 21, 2006 12:11 am
Forum: General
Topic: Layer 7 protocol identification
Replies: 8
Views: 1694

I've briefly looked into matching HTTPS packets - everything appears to be binary only during a https/ssl transfer, so I am not sure if you can use a text match.

Has anyone done this?
by bjohns
Tue Jul 18, 2006 5:16 am
Forum: General
Topic: Hotspot issue
Replies: 5
Views: 1766

Actually, I think I may be facing the same issue. I'm also using HTTPS and redirecting to an external server. I thought it was just a wireless signal issue and it came good after rebooting the router. However now that you mention it - it could be what you describe. How long does it take after reboot...
by bjohns
Mon Jul 17, 2006 10:02 am
Forum: General
Topic: Hotspot and external server login
Replies: 6
Views: 3419

Here's a image I threw together that illustrates the process: http://photos1.blogger.com/blogger/4418/1475/320/AccessPlus%20-%20Mikrotik%20Remote%20Login%20Flow.png The remote server code I posted above isn't the whole thing - there is more involved - essentially grabbing the values passed from the ...
by bjohns
Mon Jul 17, 2006 8:32 am
Forum: General
Topic: Hotspot and external server login
Replies: 6
Views: 3419

To log a client in, you need to get them to submit their credentials to the 'login' script on the NAS. If it makes it easier to understand, you can refer to it as login.cgi too. Ie: <form name="login" action="https://hotspot_address/login.cgi" method="post"> <input type="hidden" name="user" value="u...
by bjohns
Sat Jul 15, 2006 2:03 pm
Forum: General
Topic: Hotspot and external server login
Replies: 6
Views: 3419

Not sure what's happening, you need to make sure it all happens between the client and the NAS. Here's what I use, which is very similar to what's in the manual: Server IP: 2.2.2.2 NAS IP (client facing/hotspot): 1.1.1.1 On the MTRouter: <html> <title>...</title> <body> <form name="redirect" action=...
by bjohns
Fri Jul 14, 2006 12:57 am
Forum: General
Topic: Nehemiah 1 ghz mini itx w/ RouteOS ??
Replies: 6
Views: 1016

I have router OS running on a few different types of Via Epia platforms. No problems on any so far and it's been at least a year or more. Supports all the bits that need supporting for a router.
by bjohns
Thu Jul 13, 2006 1:03 am
Forum: Wireless Networking
Topic: Mikrotik Quality?
Replies: 10
Views: 2915

I agree - while we were using MT Routers at the access layer we didn't think of using it for the distribution. Instead we've used Redline, WiLAN and Proxim. I can say that MT will beat Proxim gear hands down, however WiLAN and Redline gear is stable and hasn't caused us any greif. I'd say that MT wa...
by bjohns
Sun Jul 09, 2006 10:22 am
Forum: General
Topic: Moving Router config from 1 router to another
Replies: 1
Views: 750

Look at the export/import commands.
by bjohns
Sun Jul 09, 2006 5:52 am
Forum: General
Topic: liked pre-upgrade hotspot login page better...
Replies: 2
Views: 996

Change:
<input type="hidden" name="popup-present" value="true">

To:
<input type="hidden" name="popup" value="true">
by bjohns
Sat Jul 08, 2006 3:53 pm
Forum: Wireless Networking
Topic: City Wifi Topologies
Replies: 10
Views: 2348

"Poor man's MPLS" explains it quite well imo. Just read the abundant info about MPLS and you'll see where the switched/routed network concept comes in handy. Ie. http://www.mplsrc.com/faq1.shtml#MPLS%20History What problems does MPLS solve? The initial goal of label based switching was to bring the ...
by bjohns
Mon Jul 03, 2006 3:15 pm
Forum: General
Topic: v2.9.27 released
Replies: 23
Views: 3751

Re: v2.9.27 released

*) added WISPr Radius attribute support to hotspot;
Any details available about this feature? I'd like to get some testing underway asap.
by bjohns
Fri Jun 23, 2006 7:18 am
Forum: General
Topic: Managing SSL Certificates
Replies: 3
Views: 714

From what I gathered a wildcard is for a single server with multiple subdomains. Not for multiple servers with a single domain - it would be great if I'm wrong.
by bjohns
Fri Jun 23, 2006 3:30 am
Forum: General
Topic: Managing SSL Certificates
Replies: 3
Views: 714

Managing SSL Certificates

We're in the process of establishing HTTPS authen amoung our hotspots and were wondering how others are managing their certificates. I guess we're after 'best practices'. For example, when it comes time to renew, how do you go about renewing many hotspots? What are the best kinds of certificates to ...
by bjohns
Thu Jun 22, 2006 6:01 am
Forum: Wireless Networking
Topic: Senao 2511MP doesn't like Cisco AP with hidden SSID
Replies: 1
Views: 755

"Prism cards set in client mode will not connect to Access Points (AP) that work with enabled hide-ssid feature"

/me slaps head.

I thought it was the other way around... but how the 2.8.28 version we have in the field is working is beyond me.
by bjohns
Thu Jun 22, 2006 5:50 am
Forum: Wireless Networking
Topic: Senao 2511MP doesn't like Cisco AP with hidden SSID
Replies: 1
Views: 755

Senao 2511MP doesn't like Cisco AP with hidden SSID

Using RouterOS 2.9.25 and 2.9.26. Fresh config, set the Senao interface to station (default) and specify the SSID. No encryption or anything fancy. Cisco AP352 is running factory defaults. Set SSID to non-broadcast. The senao client will not associate with the AP with the hidden ssid. Set the Cisco ...
by bjohns
Thu Jun 22, 2006 3:02 am
Forum: The Dude
Topic: good background maps??
Replies: 6
Views: 2852

It'd be nice to have it linked in with Google maps - add in the address field for each device (or better yet, grab it from snmp..) and plot it automatically.
by bjohns
Fri Jun 02, 2006 1:59 am
Forum: Wireless Networking
Topic: Senao NL-2511MP PLUS and Cisco AP352
Replies: 0
Views: 605

Senao NL-2511MP PLUS and Cisco AP352

G'day, Had an unusual problem between a RouterOS client connecting to a Cisco Access Point. The signal strength between is -61 abouts as reported by routeros. This is confirmed on the Cisco AP with a 88% strength report. This is at 11Mbps. The issue was that the client would throttle the link speed ...
by bjohns
Wed May 24, 2006 4:42 pm
Forum: Scripting
Topic: Remote backend and password encryption
Replies: 0
Views: 783

Remote backend and password encryption

I've developed a backend with all the bells and whistles allowing users to self manage. However I'm considering the best method to use when redirecting the user back to the MT Router. I don't like passing passwords in cleartext, what is the best method to encrypt the password without using SSL on th...
by bjohns
Wed May 24, 2006 4:35 pm
Forum: Scripting
Topic: How do I let Hotspot users pay per megabyte?
Replies: 1
Views: 1350

Everything is possible, but the 'no scripting' part of your question limits things a bit. I have the following in my freeradius sql.conf: accounting_stop_query = "UPDATE radacct, userinfo SET ${acct_table1}.AcctStopTime = '%S', ${acct_table1}.AcctSessionTime = '%{Acct-Session-Time}', ${acct_table1}....
by bjohns
Wed May 24, 2006 9:20 am
Forum: The Dude
Topic: email notifications
Replies: 1
Views: 1217

email notifications

FOUND IT!!!
you need to make the notification
by bjohns
Wed May 24, 2006 2:45 am
Forum: The Dude
Topic: email notifications
Replies: 1
Views: 1217

email notifications

Hi, we would love to see the ability of email notifications when devices change state. It is mentioned in the notes but apparently not implemented yet
thanks, Accessplus.
by bjohns
Sun Apr 23, 2006 3:20 pm
Forum: General
Topic: Hyper Threading
Replies: 2
Views: 1262

It "shouldn't" cause any major performance difference - the logical secondary processor is just that - a logical one. Its merely a way to run two threads simultaniously in a virtual manner - its still only one real processor doing the work. Multi-core cpu's and virtualisation are going to get rather...
by bjohns
Wed Mar 29, 2006 2:59 pm
Forum: General
Topic: What is you CPU load??
Replies: 11
Views: 1750

100 or so PPPoE sessions Queue trees for common protocols - PCQ for limiting each 4Mbps max througput P4 2.4GHz w/256Mb DDR Never above 10% This is the same with three sites. Running hotspots on WRAP 1's and with say about 10 users online sharing a 1.5/256 DSL connection via wifi it wouldn't go abov...
by bjohns
Sat Mar 25, 2006 3:35 pm
Forum: Wireless Networking
Topic: Ubiquity SR9 support
Replies: 3
Views: 1508

Yes, that card grabed my attention when I saw 900MHz and 54Mbit in the same sentence.

Beats me how they did it, but support for it would be great as it'll make for a great backhaul. It's fine for use in Australia afaik.
by bjohns
Thu Mar 23, 2006 7:02 am
Forum: Wireless Networking
Topic: poll: u.fl vs. mmcx for sr2, sr5 and soldering
Replies: 28
Views: 7983

I use I-PEX connectors, seems to be a compromise between u.Fl and MMCX. Although I haven't used many u.Fl connectors. MMCX is the norm with Cisco gear.
by bjohns
Wed Mar 22, 2006 3:42 am
Forum: General
Topic: BETA Testing and Feature Suggestions for next routeros
Replies: 329
Views: 76733

Radius AVPair support would be nice too.
by bjohns
Tue Mar 21, 2006 3:20 pm
Forum: General
Topic: BETA Testing and Feature Suggestions for next routeros
Replies: 329
Views: 76733

Along with MPLS, ISIS routing would be nice. SIP Proxy, more advanced telephony - like allowing hotspot users to use a cordless sip phone and the associated radius support. NAT-T (another vote) I guess device drivers will get a revamp, but I would like to see support for VPN accelerators such as the...
by bjohns
Tue Mar 21, 2006 2:48 pm
Forum: General
Topic: SNMP
Replies: 54
Views: 27310

Love the idea of an API - I can only imagine the amount of flexibility it would provide, especially with the more dynamic functions such as hotspot/ppp connections etc.
by bjohns
Tue Mar 21, 2006 1:06 pm
Forum: Scripting
Topic: Redirection page/script?
Replies: 9
Views: 3662

Thanks for that Normis (and the rest of the Mikrotik staff for that matter).

I can forward you a document that discribes the interaction between the particular server I'm using and the access controllers if you like.
by bjohns
Tue Mar 21, 2006 1:52 am
Forum: Scripting
Topic: Redirection page/script?
Replies: 9
Views: 3662

That's excellent eflanery - I did start thinking about using the client as the redirector when I was needing to use javascript. Would it be too much to ask for an example of the script that is sent back to the client? The server allows custom 'per location' content, I could sneek the javascript in a...
by bjohns
Mon Mar 20, 2006 4:13 pm
Forum: Scripting
Topic: Redirection page/script?
Replies: 9
Views: 3662

I don't think I'm getting my message across. The server is sending a URL to routeros with the exact parameters required for the hotspot to conduct a radius auth for a given user. It just thinks that the NAS should have a .cgi there to handle it - RouterOS doesn't, it just uses login - however it tak...
by bjohns
Mon Mar 20, 2006 2:39 pm
Forum: Scripting
Topic: Redirection page/script?
Replies: 9
Views: 3662

I tried a simple cgi redirect page (login.cgi that redirects to login) and that didn't work, don't even know the path to perl/python or whether the webserver supports it. I tried a javascript redirect that works when using a browser, but the server doesn't support javascript (funny since its a jboss...
by bjohns
Mon Mar 20, 2006 3:13 am
Forum: Scripting
Topic: Redirection page/script?
Replies: 9
Views: 3662

Redirection page/script?

I have an issue trying to get a RouterOS 2.8.28 hotspot to accept an authorization reply from a backend server. The server uses https://routeros_gateway/login.cgi?blahblah whereas RouterOS expects https://routeros_gateway/login?blahblah. There isn't any way to change the URL the server uses (stupid ...
by bjohns
Mon Nov 14, 2005 1:52 am
Forum: General
Topic: is there a support IRC channel??
Replies: 4
Views: 1323

I'd lurk in it.
by bjohns
Thu Nov 03, 2005 2:31 am
Forum: General
Topic: Automated remote updates to many RouterOS machines?
Replies: 10
Views: 4970

SNMP-SET would be very handy, particularly if folks are using HP OpenView and other NMS. Also, TFTP support would be nice. Having the ability to export and import a text file via FTP/TFTP and have the router apply the new configuration from it would be handy, that way the configuration can be create...
by bjohns
Thu Nov 03, 2005 2:08 am
Forum: General
Topic: Radius Access-Accept Filter-ID -> Create Dynamic NAT?
Replies: 4
Views: 2093

Apparently not. I had a quick look at it and all it does is dynamically create jump rules in the ppp (if available) and hotspot chains. For example if Filter-ID == Restricted then there will be two rules placed in the ppp/hotspot chain that jump traffic for that user to the Restricted chain. There i...
by bjohns
Wed Nov 02, 2005 1:17 am
Forum: General
Topic: SMTP Authentication
Replies: 10
Views: 4890

Take this one step further and allow Hotspot users to use their SMTP authentication to access the internet - that way they don't have to open a web browser to check their e-mail.
by bjohns
Mon Oct 31, 2005 12:38 am
Forum: General
Topic: sending TCP port out specific interface
Replies: 2
Views: 829

Set up policy routing that routes such packets based upon a predetermined tag. Similar to Cisco's route map command.

http://www.mikrotik.com/docs/ros/2.8/ip/route
by bjohns
Mon Oct 31, 2005 12:16 am
Forum: General
Topic: User Management / Billing system for Hotspots
Replies: 7
Views: 2054

Would there be an ability to use vouchers with this system? All sounds good to me, I'll subscribe to this thread.
by bjohns
Fri Jul 15, 2005 1:39 am
Forum: General
Topic: calculating daily and monthly totals (SQL)
Replies: 8
Views: 1846

The dialupadmin web interface that comes with FreeRADIUS has scripts that do just that, hourly, daily and monthly.
by bjohns
Tue Jul 12, 2005 3:57 am
Forum: General
Topic: Enable Internal Access to IP from External Source
Replies: 5
Views: 1868

I'm guessing you are using the universal client and enabled-address methods for your hotspot clients. You need to specify a static hotspot user and universal client for the device: / ip firewall dst-nat add dst-address=:8000 protocol=tcp \ action=nat to-dst-address=10.1.1.250 \ to-dst-port=80 commen...
by bjohns
Wed Jul 06, 2005 9:00 am
Forum: General
Topic: Wificom SAB Server
Replies: 0
Views: 536

Wificom SAB Server

Has anyone successfully setup RouterOS to work with a SAB Server backend?
by bjohns
Fri Jun 24, 2005 2:51 am
Forum: General
Topic: PPPOE > Radius > SQL Accounting Issue
Replies: 3
Views: 937

Alive packets are sent during a connection, you can set the frequency of these packets on the hotspot or the radius server.
by bjohns
Wed Jun 01, 2005 5:05 am
Forum: General
Topic: Lightning protection for Mikrotik AP
Replies: 1
Views: 880

Stick a lightening arrestor on the antenna run and make sure its grounded to a good earth.

A metal chassis that is grounded for the AP would probably make for slightly better emp protection.
by bjohns
Wed May 04, 2005 1:51 am
Forum: General
Topic: Hotspot - logout doesn't log them out.
Replies: 7
Views: 3137

How does this work for the 2.8.x series? (I don't see a $(link-logout) in status.html).
by bjohns
Wed Apr 27, 2005 5:08 am
Forum: General
Topic: Bragging rights?
Replies: 3
Views: 977

Best 3 out of 15 in the field:

1. 6740 hrs
2. 5852 hrs
3. 5204 hrs

All standard PC rigs (pentium/celeron, mATX, slim case, CF IDE). Most are 3 nics running hotspot/pppoe with radius, firewalling, routing. Each system (inc AP, switches etc) has a 400VA UPS that lasts on average 30min.
by bjohns
Thu Apr 21, 2005 5:27 am
Forum: General
Topic: New RouterOS Features and new RouterBOARDs
Replies: 38
Views: 10760

I was lucky enough to clear that problem with a well placed rock from a sling shot. Wouldn't recommend that for others though. We had to repair a crack in the raydome later. I don't remember reading that in my network administrator's handbook... I suffer from the other extreme of heat issues, throw...
by bjohns
Fri Apr 08, 2005 2:07 am
Forum: General
Topic: Kill PPPoE session with SNMP
Replies: 7
Views: 2292

This is the main reason why I want snmp-sets. The ssh method works, but is rather clunky by comparison, and snmp fits in well with existing NMS.
by bjohns
Fri Apr 08, 2005 2:01 am
Forum: General
Topic: freeradius
Replies: 1
Views: 849

They're both in the radreply table.
by bjohns
Wed Mar 16, 2005 2:34 am
Forum: General
Topic: Redirecting to URL after Hotspot login...
Replies: 10
Views: 3341

No, but yes, it's the same problem I have run into. Try it with non-encrypted password set. I believe the hashing thingy overwrites it with the old. I've raised it with Mikrotik ages ago but haven't received a reply.
by bjohns
Wed Mar 16, 2005 1:38 am
Forum: Scripting
Topic: Two ISP's fighting :)
Replies: 2
Views: 1971

You can devise a method in netwatch that checks the links and switches gateway upon failure. For example, create two scripts: failover_up: {/ip route set [/ip route find dst-address=0.0.0.0] gateway 111.111.111.254} failover_down: {/ip route set [/ip route find dst-address=0.0.0.0] gateway 222.222.2...
by bjohns
Wed Mar 16, 2005 1:30 am
Forum: General
Topic: Redirecting to URL after Hotspot login...
Replies: 10
Views: 3341

http://www.mikrotik.com/docs/ros/2.8/ip/hotspot To choose different page shown after login, in login.html change: <input type="hidden" name="dst" value="%link-orig%"> to this line: <input type="hidden" name="dst" value="http://your.web.server"> (you should correct the link to point to your server)
by bjohns
Fri Mar 11, 2005 3:28 am
Forum: General
Topic: My opinion: to have information of new version
Replies: 5
Views: 1704

Isn't this already in the change log? Or are you talking about the jump from the 2.8 to 2.9?
by bjohns
Wed Feb 23, 2005 4:42 am
Forum: General
Topic: Production Release for HotSpot Manager
Replies: 16
Views: 3383

I'm currently looking at using http://www.alepo.com/ . Hopefully it can integrate with MT, don't see why not with a bit of tweaking.
by bjohns
Mon Feb 07, 2005 5:24 am
Forum: General
Topic: Packet mangling with RADIUS
Replies: 3
Views: 1018

2nd that. Mangle rules using radius would be neat.
by bjohns
Fri Feb 04, 2005 5:12 am
Forum: Scripting
Topic: How to limit a user to a given amount of traffic?
Replies: 85
Views: 79126

can anybody answer on how check amount of upload/dwonload traffic with radius and pppoe users? afaik 'Alive' packets are sent back to the radius server with the updates. These are usually sent every 5min, but you can change that using either the MT Router or the Radius server. Otherwise the total s...
by bjohns
Tue Jan 11, 2005 7:57 am
Forum: Scripting
Topic: What is the purpose of 'var' in the hotspot servlet?
Replies: 3
Views: 1854

What is the purpose of 'var' in the hotspot servlet?

"var - value of 'var' parameter in the last request"

Can anyone explain this and/or provide examples of its use?

Thanks.
by bjohns
Fri Dec 17, 2004 1:15 am
Forum: General
Topic: How To: Connect to FreeRadius Server?
Replies: 4
Views: 1942

Re: How To: Connect to FreeRadius Server?

Hi, I am going to develop my own radius managment system usng either ASP, or ASP.Net. I just need some pointers on what connection I can perform to the FreeRadius server? Any Help is appreciated. Thankyou Joshua For what reasons are you connecting to the FreeRADIUS server? Like if you want to manag...
by bjohns
Thu Dec 02, 2004 3:45 am
Forum: General
Topic: RADIUS accounting request not sent: no response
Replies: 1
Views: 1442

RADIUS accounting request not sent: no response

What exactly causes this error? Could it be firewall issues on the remote radius server end?

I'm asking because I've checked and tested connectivity on both ends and everything appears to be fine.
by bjohns
Mon Nov 15, 2004 3:28 am
Forum: General
Topic: PPPoE Termination - administrator request
Replies: 2
Views: 1791

Okay it was the MTRouter doing it. It was in response to the Radius 'Hotspot-Xmit-limit' attribute being set to 1byte. I was under the impression that this attrib doesn't apply to PPPoE clients and only Hotspot users?
by bjohns
Mon Nov 15, 2004 3:24 am
Forum: General
Topic: PPPoE Termination - administrator request
Replies: 2
Views: 1791

PPPoE Termination - administrator request

What does this termination message mean? The session connects and authenticates fine, and then terminates straight after.

Is it the MTRouter or the Client that is terminating the session?
by bjohns
Mon Nov 08, 2004 1:15 am
Forum: General
Topic: Limiting on Packet Size
Replies: 1
Views: 850

Limiting on Packet Size

Hi Folks, Having a issue with clients who are infected with virii such as Welchia and Blaster and the way in which they spam the links with lots of small packets. This reeks havoc with wireless connections and basically causes a DoS on that AP. Is there any way that I can rate limit based upon packe...
by bjohns
Thu Oct 28, 2004 1:41 am
Forum: General
Topic: How many wireless clients per AP?
Replies: 9
Views: 2628

Bandwidth isn't the bottleneck really, it's the half duplex nature of 802.11b (nstream cures this). You have to treat an AP as a conventional class 1/11 repeater, you wouldn't throw too many people on a single segment, most cases you'd limit each segment to 12 seats. This is not exactly correct as a...